Follow for free plugins, new theme releases and theme news
Plugin Description
This is NOT standalone plugin and it can’t be used on it’s own. This is an addon for Smart Security Tools plugin for WordPress, and it is also available on CodeCanyon here:
You need to purchase and install this main plugin first. Do not attempt to use this addon on its own, it will not work.
Smart Security Tools: Login Limit Addon is powerful addition for Smart Security Tools plugin bringing additional tools for website protection related to WordPress login form.
This addon includes 3 main modules, and you can use only what you need for your website and disable other modules:
- Login Limiter
- Login Honeypot
- Blocked Usernames
Login Limiter: Prevent brute force login attacks
This module is made to prevent brute force attacks many bots use to crack the username and password. With this module you can throttle number of wrong login attempts single IP can make in a period of time. If the login fails, it will be logged, and if number of failures reaches set number, IP will be temporarilly banned. After that, if more failed logins are detected from same IP it will be banned permanently.
Plugin hooks into WordPress authentication system for the most part, and all plugins with login forms or login widgets depend on this. So, plugin will detect invalid logins regardless of the login method. But, banning user from accessing login form will work only with WordPress own wp-login.php page since most third party plugins have no way of controlling how or if the form is displayed at all.
Login Honeypot: Prevent logins from bots
With honeypot field plugin targets logins made by bots. Honeypot field is is invisible to normal users, but most bots will fill it and that will get them caught in the trap and get banned.
This module can be used only if you use only ‘wp-login.php’ for login. If you use some login widgets or some other login method, do not use this module!
Blocked Usernames: Prevent logins using listed usernames
Most brute force attacks attempt login as ‘admin’ (most common WordPress username). So, change your username to something else and set this module to check if someone is using admin username. If same IP does that more than once, it will get banned, and you can set number of failed logins to trigger this trap.
Addon Requirements
- WordPress 3.8 or newer
- Smart Security Tools 3.2 or newer: get it here
Changelog
Version 2.3 / 2016.03.08.
- Updated: WordPress supported minimal version is now 3.8
- Fixed: Temp ban always ignoring disabled option
Version 2.2 / 2015.12.21.
- Fix: Minor addon initialization problem
- Fix: Conflict with reCaptcha addon
